General
- Target: 6EC77929D5F70F9BC4724D23DDBC2653.exe
- Size: 838KB
- Sample: 210418-62cq4d9by2
- MD5: 6ec77929d5f70f9bc4724d23ddbc2653
- SHA1: da208bfa51ed091056f03dff8f1ba540472210d8
- SHA256: 03e3837f16d46a1a0a13904fae467c105b1aae66b382e8313b20b90269e53ed6
- SHA512: 370d956fb270a6f136a85983542195414790b116dd4166d448b7c55c9846e18959758117cd399196c62c51f1817a2e633e2e95d10565c4858250f7162f0ddfe6
Static task
static1
Behavioral task
behavioral1
Sample
6EC77929D5F70F9BC4724D23DDBC2653.exe
Resource
win7v20210410
Malware Config
Targets
-
-
Target
6EC77929D5F70F9BC4724D23DDBC2653.exe
- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext